August 15th, 2012 by Stefan Krueger
Microsoft released a critical security update for MSCOMCTL.OCX. Windows Update will replace the vulnerable version of the ActiveX control that shipped with various Microsoft products (Office, SQL Server, etc.). But if you installed a private copy of this file in your application folder, it will not be replaced by Windows Update. Instead, you should send an update to your customers, as noted in the FAQ section of Microsoft Security Bulletin MS12-060:
I am a third-party application developer and I use the ActiveX control in my application. Is my application vulnerable and how do I update it?
Developers who redistribute the ActiveX control should ensure that they update the version of the ActiveX control installed with their application by downloading the update provided in this bulletin. For more information on best practices on redistributed component use, please see Microsoft Knowledge Base Article 835322 and Isolated Applications and Side-by-side Assemblies.
Posted in Security | Comments Off on If you are redistributing MSCOMCTL.OCX you may need to contact your customers